Hi,
On Wed, Mar 03, 2010 at 02:25:44PM -0500, Joey Hess wrote:
> Osamu Aoki wrote:
> > True but debsums can address these issues by system administrator
> > touch-ups as documented in manpage using:
> >
> > * /etc/apt/apt.conf.d/90debsums (debsums >= 2.0.7)
> > * debsums_init(8) (debsums >= 2.0.34 @ 2007)
>
> It's not uncommon to be given an existing system and want to verify
> that no files were modified by its creator, and the current lack of
> md5sums files for a few packages prevents using debsums to do that.
Wait a moment... I do not think those few packages prevents using
debsums to do that. By using debsums_init, you can download (but not
install) packages and create md5sums files for those few packages
preventing to use debsums first.
At least using debsums_init, you have easier time to do what you were
thinking to do. (That is why I wrote it. It is ultra short simple
shell script.)
> (The most common case is probably buying a Debian VM from a hosting
> company.)
(If someone changes installed values of md5sums, debsums are helpless,
as we all agree.)
Osamu